Search CVE reports
1 – 10 of 11 results
CVE-2024-43402
Medium priority
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
rustc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24576
Negligible priority
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | — | Not affected | Not affected | Not affected | Not affected |
rustc | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-40030
Medium priority
Some fixes available 1 of 8
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A...
2 affected packages
cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rustc | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2023-38497
Medium priority
Some fixes available 6 of 11
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...
3 affected packages
cargo, rust-cargo, rustc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Fixed | Fixed | Fixed | Fixed |
rust-cargo | Vulnerable | Fixed | Not in release | Ignored | Ignored |
rustc | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2022-46176
Medium priority
Some fixes available 4 of 8
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to...
2 affected packages
cargo, rust-cargo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
rust-cargo | Not affected | Vulnerable | Not in release | Not in release | Ignored |
CVE-2022-36114
Low priority
Some fixes available 3 of 6
Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted...
1 affected package
cargo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2022-36113
Low priority
Some fixes available 3 of 6
Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an...
1 affected package
cargo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2022-23639
Medium priority
Some fixes available 8 of 39
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
cargo, firefox, librsvg, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Vulnerable |
firefox | Fixed | Fixed | Ignored | Ignored | Ignored |
librsvg | Not affected | Not affected | Not affected | Not affected | Not affected |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
rust-crossbeam-utils | Not affected | Vulnerable | Vulnerable | Not in release | Not in release |
rust-crossbeam-utils-0.7 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |
thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2022-0326
Low priority
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
5 affected packages
cargo, groonga, h2o, mruby, nghttp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-0240
Low priority
mruby is vulnerable to NULL Pointer Dereference
5 affected packages
cargo, groonga, h2o, mruby, nghttp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |